Energias de Portugal (EDP) Fell Victim to the “Ragnar Locker” Ransomware

  • EDP fell victim to the Ragnar Locker ransomware and is now being asked to pay $10.8 million.
  • The hackers stole ten terabytes of data and threatened to publish it everywhere.
  • Ragnar Locker has been around for months now, and the methods of delivery were also already known.

Hackers have managed to cripple the systems of Energias de Portugal (EDP) using the Ragnar Locker ransomware strain. EDP is Portugal’s largest electric and gas energy provider, and also a big player in the Spanish, U.S., Brazilian, and South Chinese markets. Given the size of the victim, the ransom that the actors are asking for is naturally a hefty one, set at 1,580 BTC, which is the equivalent of approximately $10.8 million. In addition to locking files, the attackers have also exfiltrated data, and they are now threatening to leak sensitive documents.

This continues the trend of ransomware actors who are not limited to infecting the victim’s systems but also engage in continual extortion by using stolen files. In this particular case, the actors have seized more than ten terabytes of data, some of which EDP would prefer to keep private. The hackers have even published screenshots of the stolen files to prove that they indeed possess the claimed contracts, billing details, transactions, etc.

Leak site
Source: Bleeping Computer

They are now threatening to publish the files on various online blogs and journals, while also notifying all of EDP’s clients, partners, and competitors. It is a catastrophic development for the energy giant, which is now forced to negotiate with unreliable crooks. Even if the company decides to pay the ransom, there’s nothing that would guarantee the confidentiality of the stolen data.

The actors plan to leak the stolen files in parts, and from what they unveiled in the published images, they hold password manager databases, employees’ network login credentials, notes, URLs, and other sensitive data that they have neatly bundled in individual packs. As for the ransom note to EDP, this is given below. In it, the actors provide instructions on how to respond to this crisis, offering a secure communication portal via a chat room. EDP’s agents are even advised to be patient, as the actors aren’t in the chat room 24/7.

ransom note
Source: Bleeping Computer

We are pretty sure that those who determine the cyber-security budget at EDP are now feeling regret and contrition, but they should have known better. Ragnar Locker has been attacking large corporations for over four months now, delivered via MSP enterprise support tools like the ConnectWise and Kaseya remote management software solutions. EDP had the time to mitigate these risks and should have paid attention to the news when the actors were requesting $200k to $600k. Not doing so will now cost them millions in ransom payments, business disruption, confidential data exposure, and IT systems cleanup.
